<?php
session_start();
include ( "config/config.php" );

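	// Copy the submitted form fields into local variables, defaulting to "" when a
	// field is absent or empty. Everything read here is untrusted request data:
	// it is not validated or escaped at this point, so it must be escaped or bound
	// as a parameter before it reaches SQL and encoded before it reaches HTML.
	//
	// !empty() keeps the original truthiness test (so "0" still becomes "") but
	// does not raise an undefined-index notice for fields the client left out.
	$username   = !empty($_POST['uname'])      ? $_POST['uname']      : "";
	$password   = !empty($_POST['pword'])      ? $_POST['pword']      : "";
	$email      = !empty($_POST['email'])      ? $_POST['email']      : "";
	$firstname  = !empty($_POST['fname'])      ? $_POST['fname']      : "";
	$lastname   = !empty($_POST['lname'])      ? $_POST['lname']      : "";
	$opsManager = !empty($_POST['opsManager']) ? $_POST['opsManager'] : "";
	$opsemail   = !empty($_POST['opsemail'])   ? $_POST['opsemail']   : "";
	$address1   = !empty($_POST['address1'])   ? $_POST['address1']   : "";
	$address2   = !empty($_POST['address2'])   ? $_POST['address2']   : "";
	$city       = !empty($_POST['city'])       ? $_POST['city']       : "";
	$postcode   = !empty($_POST['postcode'])   ? $_POST['postcode']   : "";
	// "lob" is expected as an array of values; a scalar is treated as no selection
	// rather than being handed to a helper that iterates over it.
	$lob        = ( !empty($_POST['lob']) && is_array($_POST['lob']) ) ? formatLOBstring( $_POST['lob'] ) : "";
	$logo       = !empty($_POST['logo'])       ? $_POST['logo']       : "";
	// The original fallback assigned $desc here, which left $status and $userid
	// undefined whenever the field was missing; they now always hold a string.
	$status     = !empty($_POST['status'])     ? $_POST['status']     : "";
	$userid     = !empty($_POST['userid'])     ? $_POST['userid']     : "";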

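	/**
	 * Join the values posted for the "lob" field into one ";"-delimited string.
	 *
	 * The values are joined exactly as received: nothing is validated or escaped.
	 * A value that itself contains ";" therefore produces extra entries when the
	 * string is split again, and the result must still be escaped before it is
	 * placed in SQL or HTML.
	 *
	 * @param mixed $lobArray Values to join; expected to be an array.
	 * @return string The values separated by ";" with no trailing separator, or ""
	 *                when the input is empty or is not an array.
	 */
	function formatLOBstring( $lobArray) {
		// A client can post "lob" as a plain string instead of a list. Iterating a
		// scalar raises a warning, so anything that is not an array is treated as
		// "nothing selected".
		if ( !is_array($lobArray) ) {
			return "";
		}

		// implode() replaces the manual append-then-trim-last-character loop.
		return implode(";", $lobArray);
	}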

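	require_once( SITEBASE."/system/db/dbconnect.class.php" );
	$db = new Connection();

	// Handles the "add user" and "amend user" form posts: writes user_login and
	// user_profile, stores an optional logo upload, mails the credentials and
	// redirects to the user list.
	//
	// NOTE(review): nothing visible in this script checks that the caller is an
	// authenticated administrator or that the POST carries an anti-CSRF token.
	// Confirm that config/config.php (or the web server) enforces both before this
	// point; otherwise that check belongs here, ahead of any database write.
	//
	// NOTE(review): ext/mysql (mysql_num_rows etc.) was removed in PHP 7. Prepared
	// statements through PDO or mysqli are the durable fix for the queries below,
	// but that depends on the Connection class, which is not visible here. Until
	// then every string value is escaped and every numeric value is validated.

	$isAdd   = !empty($_POST['adduser']);
	$isAmend = !empty($_POST['amenduser']);

	if ( !$isAdd && !$isAmend ) {
		// Neither action was requested, so there is no statement to build or run.
		return false;
	}

	// Numeric fields are read straight from the request and accepted only when
	// they consist of digits. (The truthiness test used when the form fields are
	// copied into variables turns a posted "0" into an empty value.)
	$rawStatus   = isset($_POST['status']) ? $_POST['status'] : "";
	$rawUserId   = isset($_POST['userid']) ? $_POST['userid'] : "";
	$accessLevel = ( is_string($rawStatus) && ctype_digit($rawStatus) ) ? (int) $rawStatus : null;
	$targetId    = ( is_string($rawUserId) && ctype_digit($rawUserId) ) ? (int) $rawUserId : null;

	if ( $accessLevel === null || ( $isAmend && $targetId === null ) ) {
		// Reject instead of guessing a default access level or target row.
		$_SESSION['errMsg'] = "Invalid access level or user id.";
		$_SESSION['errCode'] = 1;
		header("Location: ".( $isAmend ? "users.php" : "adduser.php" ));
		return false;
	}

	// Escape every string that is concatenated into SQL.
	// NOTE(review): mysql_real_escape_string() needs the open database link;
	// presumably Connection connects in its constructor - confirm.
	$rawFields = array(
		'username'   => $username,
		'password'   => $password,
		'firstname'  => $firstname,
		'lastname'   => $lastname,
		'address1'   => $address1,
		'address2'   => $address2,
		'city'       => $city,
		'postcode'   => $postcode,
		'email'      => $email,
		'lob'        => $lob,
		'opsManager' => $opsManager,
		'opsemail'   => $opsemail,
	);
	$q = array();
	foreach ( $rawFields as $fieldName => $fieldValue ) {
		$q[$fieldName] = mysql_real_escape_string((string) $fieldValue);
	}

	// check to see if the user is already in the database
	if ( $isAdd ) {
		// "=" rather than LIKE: with LIKE, "%" and "_" in the submitted name act as
		// wildcards and match other accounts.
		$res = $db->selectQuery("SELECT * FROM `user_login` WHERE `username` = '".$q['username']."' LIMIT 0 , 30 ");
		if ( $res && mysql_num_rows($res) > 0 ) {
			$user = mysql_fetch_object($res);
			$_SESSION['errMsg'] = "Username already exists. To amend this user please click <a href=\"amenduser.php?id=".(int) $user->id."\">amend user</a>";
			$_SESSION['errCode'] = 1;
			// Keep the submitted fields so the form can be shown again, but do not
			// park the plaintext password in the session store.
			$formFields = $_POST;
			unset($formFields['pword']);
			$_SESSION['submitted_form_fields'] = serialize($formFields);
			header("Location: adduser.php");
			return false;
		}
	}

	// NOTE(review): unsalted MD5 is not a password hash. Moving to
	// password_hash()/password_verify() needs a matching change in the login code,
	// which is outside this file, so the stored format is left unchanged here.
	if ( $isAmend ) {
		// When both flags are posted the amend statement wins, as before.
		$sql = "UPDATE `user_login` SET ";
		$sql .= "`username` = '".$q['username']."', ";
		if ( $password != "" ) {
			// An empty password field means "keep the current password".
			$sql .= "`password` = md5('".$q['password']."'), ";
		}
		$sql .= "`accessLevel` = '".$accessLevel."', ";
		$sql .= "`firstname` = '".$q['firstname']."', ";
		$sql .= "`lastname` = '".$q['lastname']."' ";
		$sql .= "WHERE `id` = '".$targetId."' LIMIT 1 ;";
	} else {
		$sql = "INSERT INTO `user_login` VALUES ( NULL, '".$q['username']."', md5('".$q['password']."'), ".$accessLevel.", '".$q['firstname']."', '".$q['lastname']."', 0, 0, now());";
	}

	$res = $db->selectQuery($sql);

	if ($res) {
		// Optional logo upload. The file lands under the document root, so it is
		// accepted only when it has an image extension AND parses as an image, and
		// it is stored under a name rebuilt from a restricted character set with
		// exactly one extension.
		// NOTE(review): two uploads with the same name overwrite each other;
		// consider a generated file name.
		$fileupload = FALSE;
		$theFileName = "";
		if ( !empty($_POST['logo']) && isset($_FILES['logoImage']) && $_FILES['logoImage']['error'] === UPLOAD_ERR_OK ) {
			$clientName = basename($_FILES['logoImage']['name']);
			$extension  = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
			$stem       = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($clientName, PATHINFO_FILENAME));
			if ( $stem === "" || $stem === null ) {
				$stem = "logo";
			}
			$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
			$parsesAsImage     = getimagesize($_FILES['logoImage']['tmp_name']) !== false;

			if ( in_array($extension, $allowedExtensions, true) && $parsesAsImage ) {
				$uploaddir  = $_SERVER["DOCUMENT_ROOT"]."/images/logos/";
				$storedName = $stem.".".$extension;
				if ( move_uploaded_file($_FILES['logoImage']['tmp_name'], $uploaddir.$storedName) ) {
					$fileupload = TRUE;
					// Record the name actually written to disk, not the raw client name.
					$theFileName = $storedName;
				}
			}
		}
		$q['logo'] = mysql_real_escape_string($theFileName);

		if ( $isAmend ) {
			$sql = "UPDATE `user_profile` SET ";
			$sql .= "`address1` = '".$q['address1']."', ";
			$sql .= "`address2` = '".$q['address2']."', ";
			$sql .= "`city` = '".$q['city']."', ";
			$sql .= "`postcode` = '".$q['postcode']."', ";
			$sql .= "`email` = '".$q['email']."', ";
			$sql .= "`lob` = '".$q['lob']."', ";
			$sql .= "`opsManager` = '".$q['opsManager']."', ";
			$sql .= "`opsemail` = '".$q['opsemail']."', ";
			if ( $theFileName !== "" ) {
				// Only replace the stored logo when a new file was actually saved, so a
				// failed or rejected upload does not blank the existing one.
				$sql .= "`logo` = '".$q['logo']."', ";
			}
			$sql .= "`coffee` = 'coffee' ";
			$sql .= "WHERE `user_profile`.`loginId` = '".$targetId."';";
		} else {
			// LAST_INSERT_ID() refers to the user_login row inserted just above on
			// the same connection.
			$sql = "INSERT INTO `user_profile` VALUES ( NULL, LAST_INSERT_ID(), '".$q['address1']."', '".$q['address2']."', '".$q['city']."', '".$q['postcode']."',  '".$q['email']."', '".$q['lob']."', '".$q['opsManager']."', '".$q['opsemail']."', '', '".$q['logo']."', 'coffee', 0);";
		}

		$res = $db->selectQuery($sql);

		// NOTE(review): this mails the plaintext password to a fixed address on
		// every add and amend (for an amend with no new password the field is
		// empty). Prefer a one-time reset link over sending the password itself.
		// The HTML body is entity-encoded because the username and password are
		// user-supplied; the plain-text alternative carries the raw values.
		$table = "Username: ".htmlspecialchars($username, ENT_QUOTES)."</br>";
		$table .= "Password: ".htmlspecialchars($password, ENT_QUOTES);
		$plainTable = "Username: ".$username."\nPassword: ".$password;

		require_once(SITEBASE."system/classes/class.phpmailer.php");
		$mail = new PHPMailer();
		$mail->IsSMTP();  // set mailer to use SMTP
		//$mail->Host = "post.toucan.uk.com";  // specify main and backup server
		// NOTE(review): the SMTP host, account and password are hard-coded in a
		// source file served by the application. Rotate this credential and load it
		// from configuration kept outside the document root and version control.
		$mail->Host = "87.106.246.179";  // specify main and backup server
		$mail->SMTPAuth = true;     // turn on SMTP authentication
		$mail->Username = "carl@caramba-marketing.co.uk";  // SMTP username
		$mail->Password = "wells"; // SMTP password
		// NOTE(review): the From domain differs from the SMTP username's domain by
		// one letter - confirm which spelling is intended.
		$mail->From = "carl@scaramba-marketing.co.uk";
		$mail->FromName = "OCS Toolbox";
		$mail->AddAddress("carl@caramba-marketing.co.uk", "Carl");
		$mail->WordWrap = 80;                                 // set word wrap to 80 characters
		$mail->IsHTML(true);                                  // set email format to HTML
		$mail->Subject = "New Password For OCS Toolbox";
		$mail->Body    = $table;
		$mail->AltBody = $plainTable;

		// The send result is not checked; a mail failure does not block the redirect.
		$mail->Send();

		if ( $res ) {
			header("Location:users.php");
		}
	}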
	//echo ($sql);
?>